Privacy Policy

PRIVACY NOTICE AND POLICY: PROFORMAL PDF CONVERTER
Version: 1.1
Effective Date: February 15, 2026
Responsible Party: Pro Formal (PTY) LTD

1. INTRODUCTION AND SCOPE
ProFormal PDF Converter ("the Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal information of our users ("Data Subjects"). This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you use our PDF conversion platform, in accordance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA).

2. DEFINITIONS
• Personal Information: Information relating to an identifiable, living, natural person, or an identifiable, existing juristic person.
• Processing: Any operation or activity concerning personal information, including collection, receipt, recording, storage, retrieval, and destruction.
• Data Subject: The person (you or your organization) to whom the personal information relates.
• Operator: A third party who processes personal information for a responsible party in terms of a contract (e.g., our payment processors or hosting providers).

3. INFORMATION WE COLLECT
We collect only the minimum information necessary to provide the Service.

3.1 Account and Billing Information To manage your subscription and prepaid wallet, we process:
• Full name of the primary user/admin.
• Business email address.
• Organization/Company name.
• VAT registration number (where applicable).
• Billing address and payment metadata (Note: We do not store full credit card numbers; these are processed by our PCI-DSS compliant Operators, Paystack and/or Yoco).

3.2 Financial and Document Data (Uploaded Files) To fulfill the conversion service, you upload documents (e.g., bank statements). While these files contain highly sensitive financial data, our processing of this data is automated and ephemeral.

4. DATA MINIMIZATION AND "EPHEMERAL PROCESSING"
Recognizing the sensitivity of financial documents, we adhere to a strict security protocol:
• Automated Conversion: Files are processed by code; no human employee views the content of your uploaded files during the standard course of business.
• Strict Retention Policy: Uploaded PDFs and the resulting converted data (CSV/Excel) are stored temporarily only for the purpose of download. All such files are purged from our active server environment within 60 minutes to 24 hours of processing.
• No Secondary Use: Data extracted from your documents is never used for profiling, analytics, or any purpose other than providing you with the converted output.

5. PURPOSE OF PROCESSING
We process your personal information for the following purposes:
• To establish and maintain your user account and Prepaid Wallet balance.
• To perform the document conversion services as requested.
• To process payments and maintain VAT-compliant financial records for tax compliance (SARS).
• To communicate critical system updates, security alerts, and billing notices.

6. DISCLOSURE TO THIRD PARTIES (OPERATORS)
We do not sell, rent, or trade personal information. We disclose information only to the following categories of Operators:
• Payment Gateways: Paystack and/or Yoco for secure transaction processing and card tokenization.
• Cloud Infrastructure: DigitalOcean for secure data hosting.
• Email Communication: Zoho Mail (via NodeMailer integration) for delivery of transactional emails and OTPs.
All Operators are vetted to ensure they maintain security standards equivalent to our own and are contractually bound to process data only for specified purposes.

7. CROSS-BORDER DATA TRANSFERS
Your information may be stored and processed in cloud infrastructure located outside of South Africa. In such cases, we ensure that the recipient is subject to a law, binding corporate rules, or a binding agreement which provide an adequate level of protection that effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person.

8. SECURITY SAFEGUARDS
We implement appropriate, reasonable technical and organizational measures to prevent loss of, damage to, or unauthorized destruction of personal information. These include:
• Encryption: All data in transit is encrypted using Transport Layer Security (TLS/SSL).
• Access Control: Infrastructure access is restricted to essential personnel via multi-factor authentication.
• Firewalls and Monitoring: Continuous monitoring for unauthorized access attempts.

9. YOUR LEGAL RIGHTS
Under POPIA, you have the right to:
• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we update or correct inaccurate information.
• Deletion: Request that we delete your account information (subject to statutory record-keeping requirements, such as those imposed by SARS for a period of 5 years).
• Objection: Object to the processing of your information for specific purposes.
• Complaint: Lodge a complaint with the South African Information Regulator.

10. INFORMATION OFFICER
In terms of POPIA, the Company has appointed an Information Officer responsible for overseeing compliance.
Information Officer: [Insert Name]
Email: support@proformal.co.za
Physical Address: [Your Business Address]
[Postal Code]
South Africa
Information Regulator (South Africa): JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: enquiries@inforegulator.org.za